5315 matches found
Teraleak: Pokémon Developer Game Freak Hacked; Decades of Data Leaked
Game Freak's "Teraleak" appears to expose nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games,…...
SUSE CVE-2024-47166
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
CVE-2024-47166
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
CVE-2024-47166
Gradio CVE-2024-47166 is a one-level read path traversal in the /custom_component endpoint. An attacker can leak source code from custom Gradio components by manipulating the file path, potentially exposing proprietary or private code on publicly accessible servers. Affected: Gradio (Python packa...
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
Gradio has a one-level read path traversal in `/custom_component`
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Althou...
GHSA-37QC-QGX6-9XJV Gradio has a one-level read path traversal in `/custom_component`
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Althou...
CVE-2024-9596
CVE-2024-9596 affects GitLab EE; unauthenticated attackers can determine the GitLab version. Affected: GitLab EE versions 16.6 up to but not including 17.2.9; 17.3 up to but not including 17.3.5; 17.4 up to but not including 17.4.2. Fixes are available in the corresponding updated releases: 17.2....
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...
BIT-PHP-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...
Gradio 路径遍历漏洞
Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from an attacker's ability to access and disclose the source code of a custom...
PT-2024-32449 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.44 Description: This issue involves a one-level read path traversal in the "/custom component" endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating t...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2557)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution viabackend...
CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...
Book Recording App 2024-09-24 Cross Site Scripting
Exploit Title: Book Recording App - Cross Site Scripting Stored XSS Date: 05/10/2024 Exploit Author: Arif Ari Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html Software Link:...
Student Attendance Management System 1.0 Insecure Settings
============================================================================================================================================= | Title : Student Attendance Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...